CVE-2007-0223

SQL injection vulnerability in shared/code/cp_functions_downloads.php in Nicola Asuni All In One Control Panel (AIOCP) before 1.3.009 allows remote attackers to execute arbitrary SQL commands via the download_category parameter.

Published: Jan 13, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-0223
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
nicola_asuni / all_in_one_control_panel	1.3.005	1.3.005.x
nicola_asuni / all_in_one_control_panel	1.3.007	1.3.007.x
nicola_asuni / all_in_one_control_panel	1.3.002	1.3.002.x
nicola_asuni / all_in_one_control_panel	1.3.008	1.3.008.x
nicola_asuni / all_in_one_control_panel	1.3.000	1.3.000.x
nicola_asuni / all_in_one_control_panel	1.3.003	1.3.003.x
nicola_asuni / all_in_one_control_panel	1.3.006	1.3.006.x
nicola_asuni / all_in_one_control_panel	1.3.001	1.3.001.x
nicola_asuni / all_in_one_control_panel	1.3.004	1.3.004.x

http://osvdb.org/31641
http://secunia.com/advisories/23726
http://sourceforge.net/project/shownotes.php?release_id=477845
http://www.securityfocus.com/bid/22019
https://exchange.xforce.ibmcloud.com/vulnerabilities/31591

Vulnerability Database

290,476

CVE-2007-0223